Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our User Agreement and Privacy Policy.

Slideshare uses cookies to improve functionality and performance, and to provide you with relevant advertising. If you continue browsing the site, you agree to the use of cookies on this website. See our Privacy Policy and User Agreement for details.

Securing the Cloud by Matthew Rosenquist 2016

The Cloud is both compelling and alluring, offering benefits that entice many organizations into rapid adoption. But caution should be taken. Leveraging cloud technologies can offer tremendous opportunities, with the caveat of potentially introducing new security problems and business risks. Presented are strategic recommendations for cloud adoption to a community of application and infrastructure developers.

Securing the Cloud by Matthew Rosenquist 2016

3.
4
Cloud architecture and services are
powerful tools and can deliver great
benefits for business owners.
 Cost effectiveness
– Utilization optimization
– Extensibility for growth and change
 Services closer to the customer
 Resiliency and demand-flexibility
 Capacity for data and transactions
Benefits of Cloud

4.
Risks of Cloud
5
The adoption and use of clouds have
risks. Problems with security, privacy,
and operational control can arise.
 Confidentiality of information
 Privacy of users and their data
 Availability and control of the system
 Unawareness of issues which arise
 Complacency, assuming everything is
fine

5.
Cloud Security
6
Clouds are not secure by default.
Protection is an important
consideration. Planning, integration,
maintenance, and oversight is
required.
 Security is a top concern for IT
organizations moving to the cloud
 Cloud providers are investing to greatly
improve security and privacy
 Balance the risks, usability, and costs
 Consider the continually evolving threats

12.
Crisis Response
15
Bad things eventually happen. It is
important and the duty of all service
owners to have an appropriate plan.
This includes preparing for security and
privacy events.
 Be prepared. Have response and recovery
plans
 Include Command, Control, and
Communication functions in the plan
 Audit and test procedures
 Maintain backups and verify their integrity
 Include DRBC as part of the planning stage

13.
Accountability
16
Cloud environments are powerful
tools but not immune to problems.
They require responsible ownership
and oversight.
 Be accountable. Maintain ownership and
transition as necessary
 Operations due-care and diligence for
security and privacy
 Remain current on emerging threats
 Alignment to corporate ethics
 Protection across the lifecycle from
creation to End-of-Life

15.
Conclusion
18
Cloud can be a tremendous
opportunity or an equally
miserable problem
Engage security and privacy
resources
Take responsibility for
ethical/policy adherence, and
make good business choices
Be aware, think ahead, and plan